Symantec Endpoint Protection does not detect network applications if Base Filtering Engine service is stopped
Various Endpoint Protection firewall features may not work as expected: traffic from network applications is not detected. Configured prompts and actions (block/allow application traffic, or ask user) do not occur. Intrusion Prevention will not log suspicious traffic.
This will happen if the Windows Base Filtering Engine service is stopped.
The Base Filtering Engine (BFE) is a Microsoft service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Ensure that the Windows Base Filtering Engine service is running, then continue troubleshooting.